Section: .. / 0607-advisories /
| /// File Name: |
TA06-192A.txt |
Description:
|
Technical Cyber Security Alert TA06-192A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, IIS, and Office. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 8372 | | Related CVE(s): | CVE-2006-0026, CVE-2006-1314, CVE-2006-2372, CVE-2006-3059, CVE-2006-1316, CVE-2006-1540, CVE-2006-2389, CVE-2006-0033, CVE-2006-0007 | | Last Modified: | Jul 12 05:29:58 2006 |
| MD5 Checksum: | f08886b6a1e7df8cb305253314b27751 |
|
| /// File Name: |
SMBinfodisclose.txt |
Description:
|
An information disclosure vulnerability exists in the Microsoft Server service that could allow an attacker to retrieve fragments of memory from an affected host via the host's SMB server. Affected products include Microsoft Windows 2000, Microsoft Windows XP with Service Pack 1, Microsoft Windows XP with Service Pack 2, Microsoft Windows Server 2003, and Microsoft Windows Server 2003 with Service Pack 1.
| | Author: | Mike Price, Rafal Wojtczuk | | File Size: | 2706 | | Related CVE(s): | CVE-2006-1315 | | Last Modified: | Jul 12 05:27:51 2006 |
| MD5 Checksum: | 9358377db91461b8a827dad50e37321b |
|
| /// File Name: |
ZDI-06-022.txt |
Description:
|
A vulnerability in the rebuilding of malformed cell comments allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. Affected products include Office Excel 2003, Office Excel Viewer 2003, Office Excel 2002, Office Excel 2000, Office Excel 2004 for Mac, and Office Excel version X for Mac.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2765 | | Related CVE(s): | CVE-2006-2388 | | Last Modified: | Jul 12 05:25:04 2006 |
| MD5 Checksum: | 9de06baad3d1070075e2a5ab58fad0d3 |
|
| /// File Name: |
TSRT-06-02.txt |
Description:
|
The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.
| | Author: | Pedram Amini, H D Moore | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2444 | | Related CVE(s): | CVE-2006-1314 | | Last Modified: | Jul 12 05:22:18 2006 |
| MD5 Checksum: | b47c1cbf91e63eaad1a5176c21856aef |
|
| /// File Name: |
CYBSEC-mswinDHCP.txt |
Description:
|
A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service. Affected include Microsoft Windows 2000 SP4 and below, Microsoft Windows XP SP2 and below, and Microsoft Windows 2003 SP1 and below.
| | Author: | Mariano Nunez Di Croce | | Homepage: | http://www.cybsec.com/ | | File Size: | 2619 | | Last Modified: | Jul 12 05:17:55 2006 |
| MD5 Checksum: | e5006150d8e56274970c6cccc19613a7 |
|
| /// File Name: |
USN-311-1.txt |
Description:
|
Ubuntu Security Notice 311-1 - A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 153729 | | Related CVE(s): | CVE-2006-0039, CVE-2006-2445, CVE-2006-2448, CVE-2006-2451 | | Last Modified: | Jul 12 05:13:11 2006 |
| MD5 Checksum: | 2fc78c9c9f579a3520a7baac3bc441b0 |
|
| /// File Name: |
MDKSA-2006-120.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-120 - A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 13289 | | Related CVE(s): | CVE-2006-3403 | | Last Modified: | Jul 12 05:11:03 2006 |
| MD5 Checksum: | a280dbb5918dfdd8b8f8ae91d9e45d02 |
|
| /// File Name: |
MDKSA-2006-119.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-119 - Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation dependent upon the local winbind configuration.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3774 | | Related CVE(s): | CVE-2006-2194 | | Last Modified: | Jul 12 05:10:23 2006 |
| MD5 Checksum: | 3b48e0ee721a6e265751c2686b2998fe |
|
| /// File Name: |
dsa-1108-1.txt |
Description:
|
Debian Security Advisory 1108-1 - It was discovered that the mutt mail reader performs insufficient validation of values returned from an IMAP server, which might overflow a buffer and potentially lead to the injection of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5027 | | Related CVE(s): | CVE-2006-3242 | | Last Modified: | Jul 12 05:04:10 2006 |
| MD5 Checksum: | 432b6aeb548ac361aff1f6329c176081 |
|
| /// File Name: |
smbd-DoS.txt |
Description:
|
Samba versions 3.0.1 through 3.0.22 suffer from a memory exhaustion vulnerable in smbd that can result in a denial of service.
| | Homepage: | http://www.samba.org/ | | File Size: | 1632 | | Related CVE(s): | CAN-2006-1059 | | Last Modified: | Jul 12 05:03:38 2006 |
| MD5 Checksum: | 0fe61d58e1396ef0752d2060697ff0b1 |
|
| /// File Name: |
SYMSA-2006-007.txt |
Description:
|
Symantec Vulnerability Research Security Advisory SYMSA-2006-007 - There exists an overflow condition in Microsoft Office when a malformed string included in an Office file is parsed by any of the affected Office applications.
| | Author: | Elia Florio | | Homepage: | http://www.symantec.com/research | | File Size: | 4399 | | Related CVE(s): | CVE-2006-1540 | | Last Modified: | Jul 12 05:01:35 2006 |
| MD5 Checksum: | 6131d58d5bc2b9b5deb2679b3d8f998f |
|
| /// File Name: |
juniperXSS.txt |
Description:
|
The Juniper Networks DX System log is vulnerable to a persistent, unauthenticated XSS attack. This vulnerability can be exploited by an attacker to obtain full administrative access to the Juniper DX appliance. Versions 5.1.x are affected.
| | Author: | Darren Bounds | | File Size: | 996 | | Last Modified: | Jul 12 05:00:08 2006 |
| MD5 Checksum: | 8719102000f12cb92578aedd5343ca10 |
|
| /// File Name: |
USN-312-1.txt |
Description:
|
Ubuntu Security Notice 312-1 - Henning Makholm discovered that the gimp does not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15225 | | Related CVE(s): | CVE-2006-3404 | | Last Modified: | Jul 12 04:50:53 2006 |
| MD5 Checksum: | 6fdb44786e3500203812d79cd48e71f9 |
|
| /// File Name: |
dsa-1107-1.txt |
Description:
|
Debian Security Advisory 1107-1 - Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings.
| | Homepage: | http://www.debian.org/security | | File Size: | 7518 | | Related CVE(s): | CVE-2006-3082 | | Last Modified: | Jul 12 04:49:45 2006 |
| MD5 Checksum: | 34fee931bf41d912c5985a559e6d489c |
|
| /// File Name: |
phpPolls103.txt |
Description:
|
It appears that phpPolls version 1.0.3 allows for direct creation of a new poll without enforcing administrative privileges.
| | Author: | AlpEren, tugr | | Homepage: | http://www.ayyildiz.org/ | | File Size: | 454 | | Last Modified: | Jul 12 04:45:21 2006 |
| MD5 Checksum: | 9d4213aa0d0b65345bdbf53f65e48e27 |
|
| /// File Name: |
dsa-1106-1.txt |
Description:
|
Debian Security Advisory 1106-1 - Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges, which may fail with some PAM configurations.
| | Homepage: | http://www.debian.org/security | | File Size: | 5182 | | Related CVE(s): | CVE-2006-2194 | | Last Modified: | Jul 12 04:25:51 2006 |
| MD5 Checksum: | 46ef060ac2e80a4229250e36a49bd56b |
|
| /// File Name: |
glsa-200607-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-05 - The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the Description, URL, Genre, AIM, and ICQ fields. Versions less than 1.9.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2823 | | Last Modified: | Jul 12 04:20:21 2006 |
| MD5 Checksum: | 6d361dfe88481c6bf43cb32284a58b42 |
|
| /// File Name: |
glsa-200607-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-04 - PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki. Versions less than 8.0.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3118 | | Last Modified: | Jul 12 04:19:55 2006 |
| MD5 Checksum: | 216e166f915a6f5bf082db84085a422f |
|
| /// File Name: |
glsa-200607-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-03 - A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit. Versions less than 3.8.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2688 | | Last Modified: | Jul 12 04:17:17 2006 |
| MD5 Checksum: | f2b4e6e5ec695b356935a12f86f3e314 |
|
| /// File Name: |
glsa-200607-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-02 - Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). Versions less than 2.1.10-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2508 | | Last Modified: | Jul 12 04:16:54 2006 |
| MD5 Checksum: | f6b313cff80f35ba41421a7eb8567748 |
|
| /// File Name: |
nst-24.txt |
Description:
|
Graffiti Forums version 1.0 suffers from SQL injection vulnerabilities.
| | Author: | Paisterist | | Homepage: | http://www.neosecurityteam.net/ | | File Size: | 3824 | | Last Modified: | Jul 12 04:09:08 2006 |
| MD5 Checksum: | 2b4b878fc415927a205a667daf074ec7 |
|
| /// File Name: |
sa21009.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/21009/ | | File Size: | 2584 | | Last Modified: | Jul 12 03:40:14 2006 |
| MD5 Checksum: | 3350ab2ab6fedcab1b099d5c8fa4b968 |
|
| /// File Name: |
sa20707.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in WinGate, which can be exploited by malicious users to disclose potentially sensitive information and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/20707/ | | File Size: | 2675 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 0180add686438fdf1820813e4653b0e5 |
|
| /// File Name: |
sa20958.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious users to conduct script insertion attacks and disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/20958/ | | File Size: | 2727 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 139b1f39704fbf22ea9050eedd510e31 |
|
| /// File Name: |
sa20962.txt |
Description:
|
Secunia Security Advisory - rgod has discovered some vulnerabilities in Pivot, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/20962/ | | File Size: | 3595 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | eb061dc927b7bb048cceaf335940eba0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
