Section: .. / 0804-advisories /
| /// File Name: |
SSRT080048.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 10980 | | Last Modified: | Apr 17 13:01:33 2008 |
| MD5 Checksum: | 398f6b021079c9b1e4a851b6c27b2f22 |
|
| /// File Name: |
TA08-094A.txt |
Description:
|
Technical Cyber Security Alert TA08-094A - Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3628 | | Last Modified: | Apr 4 17:57:46 2008 |
| MD5 Checksum: | 60f2970d4d83177489a7d4ebb3c8d958 |
|
| /// File Name: |
TA08-099A.txt |
Description:
|
Technical Cyber Security Alert TA08-099A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3469 | | Last Modified: | Apr 8 23:18:10 2008 |
| MD5 Checksum: | 82069bfe7ab0decef2056f8cf30cc852 |
|
| /// File Name: |
TA08-100A.txt |
Description:
|
Technical Cyber Security Alert TA08-100A - Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3968 | | Last Modified: | Apr 10 10:11:41 2008 |
| MD5 Checksum: | aaecb686c739ae7287dc60f8b5b2039f |
|
| /// File Name: |
trillian-overflow.txt |
Description:
|
Trillian version 3.1.9.0 suffers from a buffer overflow vulnerability while parsing xml .dtd file types. Earlier versions may already be affected.
| | Author: | david130490 | | File Size: | 549 | | Last Modified: | Apr 11 18:01:35 2008 |
| MD5 Checksum: | 533540439129e7a9847d61e3056bf7fb |
|
| /// File Name: |
USN-588-2.txt |
Description:
|
Ubuntu Security Notice 588-2 - USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restrictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6200 | | Related CVE(s): | CVE-2007-2692, CVE-2006-7232, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227 | | Last Modified: | Apr 3 01:44:58 2008 |
| MD5 Checksum: | 0e465a8d84fe8c332aef57d16bde0de9 |
|
| /// File Name: |
USN-597-1.txt |
Description:
|
Ubuntu Security Notice 597-1 - Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17916 | | Related CVE(s): | CVE-2008-1483 | | Last Modified: | Apr 1 22:37:56 2008 |
| MD5 Checksum: | acc7ff3797e35f1b35341adcd57bb07d |
|
| /// File Name: |
USN-598-1.txt |
Description:
|
Ubuntu Security Notice 598-1 - It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. If a crafted HP-GL/2 file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23422 | | Related CVE(s): | CVE-2008-1373, CVE-2008-0047, CVE-2008-0053, CVE-2008-0882 | | Last Modified: | Apr 3 01:47:02 2008 |
| MD5 Checksum: | 3d4ed2daa34bf5032ac967c51449a280 |
|
| /// File Name: |
USN-599-1.txt |
Description:
|
Ubuntu Security Notice 599-1 - Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17458 | | Related CVE(s): | CVE-2008-0411 | | Last Modified: | Apr 10 16:56:36 2008 |
| MD5 Checksum: | 43efa697a0e4c0676a66dd1e0d1a4691 |
|
| /// File Name: |
USN-600-1.txt |
Description:
|
Ubuntu Security Notice 600-1 - Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3474 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 11 14:51:50 2008 |
| MD5 Checksum: | d2c9ff7066ca61f4e637585d5c630a1e |
|
| /// File Name: |
USN-601-1.txt |
Description:
|
Ubuntu Security Notice 601-1 - It was discovered that Squid did not perform proper bounds checking when processing cache update replies. A remote authenticated user may be able to trigger an assertion error and cause a denial of service. This vulnerability is due to an incorrect fix for CVE-2007-6239.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12069 | | Related CVE(s): | CVE-2007-6239, CVE-2008-1612 | | Last Modified: | Apr 14 19:00:09 2008 |
| MD5 Checksum: | 1aa71f11f950e52824311ffca966e3ae |
|
| /// File Name: |
USN-602-1.txt |
Description:
|
Ubuntu Security Notice 602-1 - Flaws were discovered in Firefox which could lead to crashes during JavaScript garbage collection. If a user were tricked into opening a malicious web page, an attacker may be able to crash the browser or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28998 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 22 21:29:24 2008 |
| MD5 Checksum: | 21e097647ae14be9643afff299913525 |
|
| /// File Name: |
USN-603-1.txt |
Description:
|
Ubuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25543 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:28:39 2008 |
| MD5 Checksum: | ab602d084ad7a129d3846b95f49c622a |
|
| /// File Name: |
USN-603-2.txt |
Description:
|
Ubuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 48008 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:29:25 2008 |
| MD5 Checksum: | d868647294c24941511fa277eac06e2e |
|
| /// File Name: |
USN-604-1.txt |
Description:
|
Ubuntu Security Notice 604-1 - Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13084 | | Related CVE(s): | CVE-2008-0668 | | Last Modified: | Apr 22 21:28:45 2008 |
| MD5 Checksum: | 42e2b1ba8c58127eda73c4a02607ef25 |
|
| /// File Name: |
virtuozzo-xsrf.txt |
Description:
|
Virtuozzo from Parallels suffers from cross site request forgery vulnerabilities.
| | Author: | poplix | | Homepage: | http://px.dynalias.org/ | | File Size: | 1756 | | Last Modified: | Apr 4 17:43:35 2008 |
| MD5 Checksum: | fecc08d75ae7ba875e668dc7dabf3479 |
|
| /// File Name: |
W01-0408.txt |
Description:
|
Wintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below 6.0.1.5605 and RTKVHDA64.sys signed versions below 6.0.1.5605 are affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.wintercore.com/ | | File Size: | 1149 | | Last Modified: | Apr 23 20:56:23 2008 |
| MD5 Checksum: | 47a309b2daf808a41f1509b4c34eb2bc |
|
| /// File Name: |
webwasher-dos.txt |
Description:
|
It appears that Secure Computing Webwasher versions 6.6.3 and below suffer form a denial of service vulnerability.
| | Author: | National Australia Bank Security Assurance | | File Size: | 2198 | | Last Modified: | Apr 4 17:52:34 2008 |
| MD5 Checksum: | 76689687b007ad966776a162e45fd28c |
|
| /// File Name: |
woltlabcf-xss.txt |
Description:
|
WoltLab Community Framework versions 1.0.6 and below suffer from cross site scripting and full path disclosure vulnerabilities.
| | Author: | Jessica Hope | | File Size: | 2367 | | Last Modified: | Apr 8 01:37:28 2008 |
| MD5 Checksum: | e131b984083d4b625db1787b67884e0d |
|
| /// File Name: |
wordpress-cookie-integrity.txt |
Description:
|
An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This is not good.
| | Author: | Steven J. Murdoch | | Homepage: | http://www.cl.cam.ac.uk/users/sjm217/ | | File Size: | 3767 | | Related CVE(s): | CVE-2008-1930 | | Last Modified: | Apr 25 11:57:22 2008 |
| MD5 Checksum: | 4dc92444f474cfd6cca874b7f41b46bd |
|
| /// File Name: |
ZDI-08-014.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, a heap corruption occurs allowing the execution of arbitrary code. Version 7.4.1 is affected.
| | Author: | bugfree | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2901 | | Related CVE(s): | CVE-2008-1019 | | Last Modified: | Apr 4 19:46:25 2008 |
| MD5 Checksum: | a58d7e9471769f1cf1501b1e61d2c73c |
|
| /// File Name: |
ZDI-08-015.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. A lack of proper sanity checks on the region size field can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Author: | Sanbin Li | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3223 | | Related CVE(s): | CVE-2008-1017 | | Last Modified: | Apr 4 19:47:18 2008 |
| MD5 Checksum: | 9c6642a80f757742c14a9e01a910ccbf |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
