Section: .. / 0601-advisories /
| /// File Name: |
cisco-sa-20060118-ccmpe.txt |
Description:
|
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager versions with Multi Level Administration (MLA) enabled may be vulnerable to privilege escalation, which may result in read-only users gaining administrative access.
| | Author: | Cisco | | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml | | File Size: | 12536 | | Last Modified: | Jan 25 08:48:10 2006 |
| MD5 Checksum: | 2f14c43515e9ab84f49c757094d62cf5 |
|
| /// File Name: |
cisco-sa-20060118-ccmdos.txt |
Description:
|
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.
| | Author: | Cisco | | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml | | File Size: | 11830 | | Last Modified: | Jan 25 08:47:19 2006 |
| MD5 Checksum: | eb85865e7da449d533766493e57bd4c4 |
|
| /// File Name: |
sa18607.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18607/ | | File Size: | 11757 | | Last Modified: | Jan 25 18:27:50 2006 |
| MD5 Checksum: | 4c493cffe9ab9f48db5894fbcb7ee853 |
|
| /// File Name: |
SUSA-SA-2006-002.txt |
Description:
|
SUSE Security Announcement - iDEFENSE reported a security problem with the Novell Remote Manager. By passing a huge or negative size via an HTTP request header to httpstkd, it was possible to corrupt heap memory and so potentially execute code.
| | Homepage: | http://www.suse.com | | File Size: | 11665 | | Related CVE(s): | CVE-2005-3655 | | Last Modified: | Jan 15 18:05:25 2006 |
| MD5 Checksum: | 52287cb8c3781e32c8a4c1ca74588e11 |
|
| /// File Name: |
sa18548.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18548/ | | File Size: | 11591 | | Last Modified: | Jan 21 07:11:29 2006 |
| MD5 Checksum: | 7fb8b99ddc32fe545d61ee784836c98a |
|
| /// File Name: |
dsa-933-1.txt |
Description:
|
Debian Security Advisory DSA 933-1 - Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.
| | Author: | Michael Stone | | Homepage: | http://www.debian.org/security/ | | File Size: | 11168 | | Related CVE(s): | CVE-2005-3539 | | Last Modified: | Jan 10 06:14:14 2006 |
| MD5 Checksum: | 712032eac539837fc10550dcf7e10e27 |
|
| /// File Name: |
sa18385.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18385/ | | File Size: | 10483 | | Last Modified: | Jan 11 06:48:09 2006 |
| MD5 Checksum: | 1ebe6c3f0bcbdff0a565f88614aec311 |
|
| /// File Name: |
nmrc-14Jan2006.txt |
Description:
|
This advisory documents an anomaly involving Microsoft's Wireless Network Connection. If a laptop connects to an ad-hoc network it can later start beaconing the ad-hoc network's SSID as its own ad-hoc network without the laptop owner's knowledge. This can allow an attacker to attach to the laptop as a prelude to further attack.
| | Author: | Simple Nomad | | Homepage: | http://www.nmrc.org | | File Size: | 9985 | | Last Modified: | Jan 15 18:24:42 2006 |
| MD5 Checksum: | f839868422e9ffeb14223e1c4f5afe8e |
|
| /// File Name: |
dsa-936-1.txt |
Description:
|
Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9764 | | Related CVE(s): | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628 | | Last Modified: | Jan 12 02:02:26 2006 |
| MD5 Checksum: | 75dcff2aa689f6c6b81d7b435e28267b |
|
| /// File Name: |
sa18366.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for hylafax. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18366/ | | File Size: | 9678 | | Last Modified: | Jan 11 06:48:09 2006 |
| MD5 Checksum: | be49d560f16e4f2e3c2ff4e3ce88fbee |
|
| /// File Name: |
sa18416.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for xpdf / kpdf / gpdf / kword. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18416/ | | File Size: | 9548 | | Last Modified: | Jan 12 01:49:01 2006 |
| MD5 Checksum: | 6c76f6d91faaeab47abd781ecd385ba7 |
|
| /// File Name: |
dsa-956-1.txt |
Description:
|
Debian Security Advisory DSA 956-1 - Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9515 | | Last Modified: | Jan 27 07:48:05 2006 |
| MD5 Checksum: | 21e0b931a8e3d6517a5e2d632a2b4d52 |
|
| /// File Name: |
dsa-948-1.txt |
Description:
|
Debian Security Advisory DSA 948-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9409 | | Last Modified: | Jan 22 23:57:27 2006 |
| MD5 Checksum: | 3042c569ac194ee76409cbd17cdc6a4f |
|
| /// File Name: |
dsa-952-1.txt |
Description:
|
Debian Security Advisory DSA 952-1 - "Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 8471 | | Last Modified: | Jan 25 09:27:11 2006 |
| MD5 Checksum: | 562bdae252e8a6db7b3de3198a44554c |
|
| /// File Name: |
sa18407.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libextractor. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18407/ | | File Size: | 8268 | | Last Modified: | Jan 12 17:56:50 2006 |
| MD5 Checksum: | a3dbb0ffaaa221255ab51e095116d3e7 |
|
| /// File Name: |
sa18561.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18561/ | | File Size: | 8225 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | 93ad0e63bba0759b05077b27f61e0bfe |
|
| /// File Name: |
SSRT061104.txt |
Description:
|
HPSBMA02094 SSRT061104 rev.1 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 8077 | | Last Modified: | Jan 27 08:21:56 2006 |
| MD5 Checksum: | a8ffb84c39d8b740ceec3bff7ae3f417 |
|
| /// File Name: |
dsa-949-1.txt |
Description:
|
Debian Security Advisory DSA 949-1 - Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7981 | | Last Modified: | Jan 22 23:58:03 2006 |
| MD5 Checksum: | 050390a0c2ae09b7b030232124edcc44 |
|
| /// File Name: |
dsa-946-1.txt |
Description:
|
Debian Security Advisory DSA 946-1 - It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7967 | | Last Modified: | Jan 22 23:53:45 2006 |
| MD5 Checksum: | 5d18f255d7b7f76aa9152ea9fce8761c |
|
| /// File Name: |
MDKSA-2006-025.txt |
Description:
|
Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7924 | | Last Modified: | Jan 27 07:54:28 2006 |
| MD5 Checksum: | 29753b4195001859c00f7e777981e047 |
|
| /// File Name: |
sa18623.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for lsh-utils. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18623/ | | File Size: | 7686 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | 88305bf0ccc1080da42db4b5997c41c2 |
|
| /// File Name: |
RHSA-2006-0157.txt |
Description:
|
Red Hat Security Advisory - A cross-site scripting flaw was found in the way Struts displays error pages. It may be possible for an attacker to construct a specially crafted URL which could fool a victim into believing they are viewing a trusted site.
| | Author: | Red Hat | | Homepage: | https://rhn.redhat.com/errata/RHSA-2006-0157.html | | File Size: | 7686 | | Related CVE(s): | CVE-2005-3745 | | Last Modified: | Jan 15 16:37:40 2006 |
| MD5 Checksum: | ace79271a106a4671cdd6b230f99152d |
|
| /// File Name: |
dsa-945-1.txt |
Description:
|
Debian Security Advisory DSA 945-1 - Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in antiword, utilities to convert Word files to text and Postscript, create a temporary file in an insecure fashion.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7643 | | Last Modified: | Jan 22 23:34:45 2006 |
| MD5 Checksum: | 8ee15ae054608a7f20028994c125b713 |
|