Section: .. / 0805-advisories /
| /// File Name: |
cisco-sa-20080514-csm.txt |
Description:
|
Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
| | Homepage: | http://www.cisco.com/ | | File Size: | 17388 | | Related CVE(s): | CVE-2008-1749 | | Last Modified: | May 15 04:25:13 2008 |
| MD5 Checksum: | 0a7dfcd9f771e114ed6eafdd02388931 |
|
| /// File Name: |
dsa-1577-1.txt |
Description:
|
Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 5237 | | Related CVE(s): | CVE-2008-0167 | | Last Modified: | May 15 03:51:39 2008 |
| MD5 Checksum: | 81f578fa45368e855560e91c2dd60d4e |
|
| /// File Name: |
dsa-1576-1.txt |
Description:
|
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
| | Homepage: | http://www.debian.org/security | | File Size: | 15197 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:50:46 2008 |
| MD5 Checksum: | a79fd4e6e656f73f69d8c73cf16f3723 |
|
| /// File Name: |
glsa-200805-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2415 | | Related CVE(s): | CVE-2008-2109 | | Last Modified: | May 15 03:49:12 2008 |
| MD5 Checksum: | a924bb8eeda8ff0dbe39e3cd31978d5e |
|
| /// File Name: |
USN-612-6.txt |
Description:
|
Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8081 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:47:36 2008 |
| MD5 Checksum: | 1b121b32f5b219bf781da551ba98e314 |
|
| /// File Name: |
USN-612-5.txt |
Description:
|
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16139 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:46:36 2008 |
| MD5 Checksum: | 12c2407158560e7b8cd3525552c71aec |
|
| /// File Name: |
USN-612-4.txt |
Description:
|
Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4207 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:45:47 2008 |
| MD5 Checksum: | fbb384be18c0b97874a042383317e896 |
|
| /// File Name: |
officepub-corrupt.txt |
Description:
|
A memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 1355 | | Related CVE(s): | CVE-2008-0119 | | Last Modified: | May 15 01:13:56 2008 |
| MD5 Checksum: | c3c39fb97be35f9f59393df7386d6245 |
|
| /// File Name: |
sa29963.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for xen. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or truncate arbitrary files.
| | Homepage: | http://secunia.com/advisories/29963/ | | File Size: | 2341 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | e61c610e7712136c42c1c2f428552e31 |
|
| /// File Name: |
sa30016.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30016/ | | File Size: | 14985 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | a542c3f6ccf8d80c9d587940c8c55705 |
|
| /// File Name: |
sa30087.txt |
Description:
|
Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in Kmita Mail, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30087/ | | File Size: | 2239 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 32349f72afdc7be2ddf7d9091ec95706 |
|
| /// File Name: |
sa30126.txt |
Description:
|
Secunia Security Advisory - laurent gaffié has discovered a vulnerability in Novell Client, which can be exploited by malicious people with physical access to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30126/ | | File Size: | 2608 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | d633db907369a0faf1fb44d008bad6cf |
|
| /// File Name: |
sa30136.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openvpn. This fixes a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30136/ | | File Size: | 5937 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | ebb821fb15bf4b037d9609b782c0ad5d |
|
| /// File Name: |
sa30141.txt |
Description:
|
Secunia Security Advisory - Aviv Raff has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30141/ | | File Size: | 2529 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 38319848cf71f3d49e6eea3d7891d622 |
|
| /// File Name: |
sa30142.txt |
Description:
|
Secunia Security Advisory - Deniz Cevik has reported a vulnerability in ZyXEL ZyWALL 100, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30142/ | | File Size: | 2199 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 2de60629d4566515a1e7ba31088d411e |
|
| /// File Name: |
sa30151.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30151/ | | File Size: | 1867 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 2029274a2a024a78ce203248bd46f75d |
|
| /// File Name: |
sa30153.txt |
Description:
|
Secunia Security Advisory - Russ McRee has reported a vulnerability in Build A Niche Store (BANS), which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30153/ | | File Size: | 2113 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 4a5c164b11cb1012c2ca71f2003e0424 |
|
| /// File Name: |
sa30155.txt |
Description:
|
Secunia Security Advisory - A vulnerability been reported in Chicken, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30155/ | | File Size: | 1893 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 31fa01f78b9faeab14885460e7ce9d06 |
|
| /// File Name: |
sa30164.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/30164/ | | File Size: | 33780 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 0b3bb329832ac3cc912bea4c8c5a4b2f |
|
| /// File Name: |
sa30165.txt |
Description:
|
Secunia Security Advisory - David Sopas Ferreira has discovered two vulnerabilities in BlogPHP, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
| | Homepage: | http://secunia.com/advisories/30165/ | | File Size: | 2615 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | b28d4f157007a6010c9ea040e4e8174c |
|
| /// File Name: |
sa30166.txt |
Description:
|
Secunia Security Advisory - Matteo Carli has reported some vulnerabilities in cPanel, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/30166/ | | File Size: | 2660 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 35038bbee53cfd0cc8651310f25b6107 |
|
| /// File Name: |
sa30168.txt |
Description:
|
Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in ptex, which can be exploited by malicious, local users to manipulate certain data and malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30168/ | | File Size: | 2306 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 23c259e967c9d71b45f9c19a94001596 |
|
| /// File Name: |
sa30169.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for cdf. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30169/ | | File Size: | 1886 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 5bd027cf1b110384649ddd742e616513 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
