Section: .. / 0601-advisories /
| /// File Name: |
01.13.06.txt |
Description:
|
iDefense Security Advisory 01.13.06 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s Open Enterprise Server Remote Manager allows attackers to execute arbitrary code. iDefense has confirmed this vulnerability in Novell SUSE Linux Enterprise Server 9. All previous versions are suspected vulnerable. Novell SUSE Linux Enterprise Server components are included in Novell Open Enterprise Server; as such, Open Enterprise Server is also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3339 | | Related CVE(s): | CVE-2005-3655 | | Last Modified: | Jan 15 18:16:03 2006 |
| MD5 Checksum: | 48849109a4a18846114f813019abe2c4 |
|
| /// File Name: |
01.10.06.txt |
Description:
|
iDefense Security Advisory 01.10.06 - There exists a buffer overflow vulnerability in the /usr/bin/uustat binary in Sun Solaris 5.8 and 5.9.
| | Author: | Angelo Rosiello | | Homepage: | http://www.idefense.com/ | | File Size: | 3329 | | Related CVE(s): | CAN-2004-0780 | | Last Modified: | Jan 11 06:59:01 2006 |
| MD5 Checksum: | 4ad39c0ada22f985e083afceb290c183 |
|
| /// File Name: |
MDKSA-2006-021.txt |
Description:
|
Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3320 | | Last Modified: | Jan 27 08:40:14 2006 |
| MD5 Checksum: | 078c68b8c6af5529d5e0bbd7da18bdad |
|
| /// File Name: |
glsa-200601-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-13 - Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Versions less than 1.5.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3232 | | Last Modified: | Jan 27 07:46:09 2006 |
| MD5 Checksum: | ee2eaba254a342d1faad59ff80a1983f |
|
| /// File Name: |
fireclicking.txt |
Description:
|
Using custom Microsoft Agent characters it is possible to cover any kind of windows, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape and are downloaded automatically, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user to execute arbitrary code by performing one or two clicks (depending on security zone configuration and Windows version).
| | Author: | Michael Krax | | Homepage: | http://www.mikx.de/fireclicking/ | | File Size: | 3217 | | Last Modified: | Jan 26 10:43:21 2006 |
| MD5 Checksum: | 64aab85262376be4b710a7ace4d6f5f4 |
|
| /// File Name: |
MDKSA-2006-002.txt |
Description:
|
Mandriva Linux Security Advisory - Three vulnerabilities were discovered in Ethereal 0.10.13: The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector. Ethereal has been upgraded to 0.10.14 which does not suffer from these problems.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3215 | | Last Modified: | Jan 5 02:21:50 2006 |
| MD5 Checksum: | b457de1434f7ef0a925472b5b5f842d1 |
|
| /// File Name: |
Eterm-LibAST.txt |
Description:
|
Eterm when built links to LibAST. A stack overflow vulnerability exists in LibAST that allows an attacker to execute commands with user group utmp.
| | Author: | Rosiello Security | | Homepage: | http://www.rosiello.org | | File Size: | 3213 | | Last Modified: | Jan 27 08:13:40 2006 |
| MD5 Checksum: | 327f9688d3ffa5011b444bc14ca0724d |
|
| /// File Name: |
NetBSD-SA2006-002.txt |
Description:
|
NetBSD Security Advisory 2006-002 - The prohibition against setting the system time backwards at securelevel > 1 can be circumvented.
| | Homepage: | http://www.NetBSD.org/Security/ | | File Size: | 3207 | | Last Modified: | Jan 10 05:54:08 2006 |
| MD5 Checksum: | 2fdff858ac9159d97935dc26b5530ca3 |
|
| /// File Name: |
sa18331.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for Ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18331/ | | File Size: | 3195 | | Last Modified: | Jan 6 18:58:29 2006 |
| MD5 Checksum: | 81baeb0379a57e713ff53e081fde59d2 |
|
| /// File Name: |
sa18595.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for openssh. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/18595/ | | File Size: | 3192 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | e234e8378c9fb813d73e51abaae6308d |
|
| /// File Name: |
sa18430.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Cisco Aironet Wireless AP (Access Point), which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18430/ | | File Size: | 3165 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | d828389e86db79ecd04aee0ea6b092e6 |
|
| /// File Name: |
sa18549.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18549/ | | File Size: | 3154 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | 70dc7915d253947f2e3624b87a401db9 |
|
| /// File Name: |
dsa-953-1.txt |
Description:
|
Debian Security Advisory DSA 953-1 - Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3141 | | Last Modified: | Jan 25 09:28:42 2006 |
| MD5 Checksum: | cebfd4da0d137b3d24bce1b7434c6a10 |
|
| /// File Name: |
01.05.06-3.txt |
Description:
|
iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause a heap corruption in the Winproxy process causing it to crash.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3098 | | Related CVE(s): | CAN-2005-3654 | | Last Modified: | Jan 8 06:22:27 2006 |
| MD5 Checksum: | 51328c7a5ad943401b04a139a636c740 |
|
| /// File Name: |
MDKSA-2006-022.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3091 | | Last Modified: | Jan 27 07:51:42 2006 |
| MD5 Checksum: | 200f3e6b64815aa9511bbb7a5923cc97 |
|
| /// File Name: |
01.05.06-1.txt |
Description:
|
iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists due to improper handling of a long HTTP request that is approximately 32,768 bytes long. When such a request occurs, the process will crash while attempting to read past the end of a memory region.
| | Author: | FistFuXXer | | Homepage: | http://www.idefense.com/ | | File Size: | 3039 | | Related CVE(s): | CAN-2005-3187 | | Last Modified: | Jan 8 06:20:28 2006 |
| MD5 Checksum: | 7bbb5db0939154c658a9a2161a256079 |
|
| /// File Name: |
EEYEB-20050801.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way Windows uncompresses Embedded Open Type fonts that would allow the author of a malicious web page to execute arbitrary code on the system of a user who visits the site, at the privilege level of that user.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 3037 | | Related OSVDB(s): | 18829 | | Related CVE(s): | CAN-2006-0010 | | Last Modified: | Jan 11 07:14:54 2006 |
| MD5 Checksum: | 30839ce0e878dfaa6b8a2dba3b624ec1 |
|
| /// File Name: |
sa18216.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and with unknown impact.
| | Homepage: | http://secunia.com/advisories/18216/ | | File Size: | 2984 | | Last Modified: | Jan 5 02:14:22 2006 |
| MD5 Checksum: | 358d9e3e5768cf1687d77ed836cc8883 |
|
| /// File Name: |
sa18585.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18585/ | | File Size: | 2981 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | ae8c8b28fd6ef1aa9b6bce5770669f36 |
|
| /// File Name: |
TA06-005A.txt |
Description:
|
Technical Cyber Security Alert TA06-005A - Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format. A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.
| | Homepage: | http://www.us-cert.gov | | File Size: | 2974 | | Last Modified: | Jan 8 06:24:03 2006 |
| MD5 Checksum: | d633db50e3ad33d50480c1e03eb0f8d8 |
|
| /// File Name: |
sa18315.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for nbd. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18315/ | | File Size: | 2960 | | Last Modified: | Jan 6 18:58:29 2006 |
| MD5 Checksum: | 6fccc65b205d224ca2561f0c3cbf7a6e |
|
| /// File Name: |
USN-240-1.txt |
Description:
|
Ubuntu Security Notice USN-240-1 - A buffer overflow was found in bogofilter's character set conversion handling. Certain invalid UTF-8 character sequences caused an invalid memory access. By sending a specially crafted email, a remote attacker could exploit this to crash bogofilter or possibly even execute arbitrary code with bogofilter's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2958 | | Related CVE(s): | CVE-2005-4591 | | Last Modified: | Jan 15 16:23:57 2006 |
| MD5 Checksum: | 2002194252695e17bae56d6af62923d1 |
|
| /// File Name: |
glsa-200601-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-04 - Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP requests. Versions less than 5.5.1.19175 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2947 | | Last Modified: | Jan 8 19:28:23 2006 |
| MD5 Checksum: | c0f65423d0f84c342825ad60d991290c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
