Section: .. / 0609-advisories /
| /// File Name: |
04072006_alwil.pdf |
Description:
|
Hustle Labs Security Advisory - The alwil avast! Anti-virus Engine versions less than 4.7.869 for desktops and versions less than 4.7.660 for servers suffer from vulnerabilities that allow for local and remote code execution. Full details provided.
| | Author: | Ryan Smith | | Homepage: | http://www.hustlelabs.com/ | | File Size: | 73747 | | Last Modified: | Sep 8 08:42:20 2006 |
| MD5 Checksum: | 9e63a6957b390d0ddfbe8898b68abe1c |
|
| /// File Name: |
09.12.06-1.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4169 | | Related CVE(s): | CAN-2006-4384 | | Last Modified: | Sep 13 11:34:05 2006 |
| MD5 Checksum: | ef048ad8a96d5c19b668fd06a6e8abde |
|
| /// File Name: |
09.12.06-2.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the handling of 'CMap' and 'CIDFont' font data. When parsing this information, no checks are made on the count of items for the 'begincodespacerange', 'cidrange' and 'notdefrange' sections. In addition to a 'standard' integer overflow, the implementation of 'vm_alloc()' makes it possible to overwrite memory before the allocated region. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4171 | | Related CVE(s): | CAN-2006-3740 | | Last Modified: | Sep 13 11:35:26 2006 |
| MD5 Checksum: | ab930cf9c2914748e6770fb45f293a80 |
|
| /// File Name: |
09.12.06-3.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the 'CIDAFM()' function of the code responsible for handling AFM (Adobe Font Metrics) files. The number of character metrics is obtained from the "StartCharMetrics" line of an AFM file and that value is then multiplied by the size of a single character metric record in order to calculate the space required to store the metrics. If the result of the multiplication is larger than the largest value that can be held in an integer, the amount actually allocated will be much smaller. Following this, the function attempts to read as many metric records as were specified on the line into that memory. As the contents of the file can be specified by a local user, and as the function will stop reading if an error is detected in the input, a controlled heap overflow may occur which may allow the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4644 | | Related CVE(s): | CAN-2006-3740 | | Last Modified: | Sep 13 11:36:58 2006 |
| MD5 Checksum: | 97c66e62c52c4ccea06aaf8bd119ac58 |
|
| /// File Name: |
152.txt |
Description:
|
Fantastic News versions 2.1.4 and below suffer from a remote file inclusion vulnerability.
| | Author: | Sx02 | | Homepage: | http://sx02.coresec.de/ | | File Size: | 1145 | | Last Modified: | Sep 8 08:54:02 2006 |
| MD5 Checksum: | f1839b9a504d6af0ba1f43d731a34a87 |
|
| /// File Name: |
AD20060912.txt |
Description:
|
Apple QuickTime versions 7.1.3 and below suffer from a flaw where a carefully crafted H.264 movie can trigger an integer overflow allowing for arbitrary code execution.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 3909 | | Last Modified: | Sep 13 11:31:36 2006 |
| MD5 Checksum: | cae16195d25ddd07441cf3356a785784 |
|
| /// File Name: |
ADOdbDate.txt |
Description:
|
Many files in the ADOdb Date Library will reveal their full path.
| | Author: | HACKERS PAL | | Homepage: | http://www.soqor.net | | File Size: | 2864 | | Last Modified: | Sep 15 01:19:15 2006 |
| MD5 Checksum: | e8fb0fe54ee78e6eb58687bd8a897b58 |
|
| /// File Name: |
anywhereUSB.txt |
Description:
|
AnywhereUSB/5 version 1.80.00 drivers are susceptible to an integer overflow vulnerability.
| | Author: | Itzik Kotler | | Homepage: | http://www.safend.com/ | | File Size: | 4189 | | Related CVE(s): | CVE-2006-4459 | | Last Modified: | Sep 7 10:20:01 2006 |
| MD5 Checksum: | 62a7454e96e65a5daaa2107dc66a9f46 |
|
| /// File Name: |
apple-kext-tools-20060822.txt |
Description:
|
Roxio Toast 7 Titanium on Mac OS X executes the kextload command with root privileges. The kextload command contains two vulnerabilities which can be exploited by a local user to gain local root access to the system. This advisory outlines both issues.
| | Author: | Adriel T. Desautels | | Homepage: | http://www.netragard.com/ | | File Size: | 7434 | | Last Modified: | Sep 14 09:36:51 2006 |
| MD5 Checksum: | c18c77a56f92aa78a1dde77414ee9aeb |
|
| /// File Name: |
APPLE-SA-2006-09-21.txt |
Description:
|
APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
| | Homepage: | http://www.apple.com/support/downloads/ | | File Size: | 6303 | | Last Modified: | Oct 3 01:14:13 2006 |
| MD5 Checksum: | 67d50ca1637b01d9ea6d85d2f9486f2d |
|
| /// File Name: |
aq71.txt |
Description:
|
Apple QuickTime versions 7.1 and below are prone to a heap overflow vulnerability. This flaw could lead to remote code execution if an attacker tricks the victim into visiting a malicious webpage with a specially crafted .fli animation embedded.
| | Author: | Rubén | | Homepage: | http://www.reversemode.com/ | | Related Exploit: | poc_fli.zip | | File Size: | 767 | | Last Modified: | Sep 16 10:56:44 2006 |
| MD5 Checksum: | 2d27736b50bd4f0e08e3eb1bf52cbd22 |
|
| /// File Name: |
AS05081201.txt |
Description:
|
Airscanner Mobile Security Advisory - PDAapps Verichat version 1.30bh suffers from a local password disclosure flaw.
| | Homepage: | http://www.airscanner.com | | File Size: | 2400 | | Last Modified: | Sep 7 10:00:17 2006 |
| MD5 Checksum: | 925552b98bf01f566859ab0a5fcdf7a4 |
|
| /// File Name: |
AS05081701.txt |
Description:
|
Airscanner Mobile Security Advisory - IM+ version 3.10 suffers from a local plaintext password disclosure flaw.
| | Homepage: | http://www.airscanner.com | | File Size: | 2403 | | Last Modified: | Sep 7 10:01:47 2006 |
| MD5 Checksum: | b1fd646a10648abee82cd6f15615ea8f |
|
| /// File Name: |
AS06070101.txt |
Description:
|
Airscanner Mobile Security Advisory - All versions of Abidia and OAnywhere pass login credentials for eBay in the clear via a standard HTTP POST.
| | Homepage: | http://www.airscanner.com | | File Size: | 2436 | | Last Modified: | Sep 9 03:57:30 2006 |
| MD5 Checksum: | 2f127ddd0fc7fc9c94baec3e8c5a50df |
|
| /// File Name: |
AS06260602.txt |
Description:
|
Airscanner Mobile Security Advisory - Pocket Expense Pro version 3.9.1 suffers from a flaw where user authentication can be disabled.
| | Homepage: | http://www.airscanner.com | | File Size: | 1984 | | Last Modified: | Sep 9 03:55:48 2006 |
| MD5 Checksum: | a6bae0ed7acc99cce433e6ea334b71f3 |
|
| /// File Name: |
BizDirectory.txt |
Description:
|
BizDirectory is vulnerable to cross site scripting attacks.
| | Author: | ali | | File Size: | 210 | | Last Modified: | Sep 22 02:55:45 2006 |
| MD5 Checksum: | 4aa255b7e496db620d562dc344569e0c |
|
| /// File Name: |
blackICEpc.txt |
Description:
|
BlackICE PC Protection suffers from a denial of service condition when failing to validate the third argument of NtOpenSection.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | File Size: | 1384 | | Last Modified: | Sep 7 08:35:09 2006 |
| MD5 Checksum: | 81d050fbe5e67a0b36c974fd2eb67725 |
|
| /// File Name: |
blogcms41.txt |
Description:
|
BLOG:CMS version 4.1 suffers from SQL injection flaws.
| | Author: | Omid | | File Size: | 625 | | Last Modified: | Sep 8 07:51:28 2006 |
| MD5 Checksum: | 40b0bfd69aba7114964102325aec6662 |
|
| /// File Name: |
Blojsom.txt |
Description:
|
Blojsom 2.3.1 suffers from a cross site scripting vulnerability.
| | Author: | p3rlhax | | File Size: | 4265 | | Last Modified: | Sep 15 01:01:35 2006 |
| MD5 Checksum: | e9d9fb985b675726b11bef0865a34600 |
|
| /// File Name: |
bmb-5.5.txt |
Description:
|
Blue Magic Board (BMB) 5.5 suffers from full path disclosure in multiple PHP scripts.
| | Author: | hack2prison | | File Size: | 518 | | Last Modified: | Sep 15 00:59:24 2006 |
| MD5 Checksum: | beb8bc1e66aebd5df2a94c4558279b91 |
|
| /// File Name: |
busybox-1.01.txt |
Description:
|
The BusyBox HTTP daemon included in version 1.01 is vulnerable to a directory traversal attack.
| | Author: | bug-finder | | File Size: | 255 | | Last Modified: | Sep 22 02:10:57 2006 |
| MD5 Checksum: | 7ae71cd831ea4b4bf82ed007970d9cf4 |
|
| /// File Name: |
CAID-34616.txt |
Description:
|
CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
| | Homepage: | http://www3.ca.com/securityadvisor/ | | File Size: | 4284 | | Last Modified: | Oct 3 00:59:10 2006 |
| MD5 Checksum: | 31c8181be157b2538ea7ecf9e3c526d5 |
|
| /// File Name: |
canonDisclose.txt |
Description:
|
The Canon ImageRunner remote UI web interface software will reveal username and password pairs contained in address book entries when the address book is exported. Tested and verified on Canon iR C3220, iR 5020, iR9070, iR C6800, iR C6870, and iR 8500.
| | Author: | GR | | File Size: | 2290 | | Last Modified: | Sep 7 11:05:20 2006 |
| MD5 Checksum: | 51f5d277ec198b1f10ca9d211b51459d |
|
| /// File Name: |
CiscoGRE.txt |
Description:
|
Phenoelit Advisory - Cisco Systems IOS contains a bug when parsing GRE packets with GRE source routing information. A specially crafted GRE packet can cause the router to reuse packet data from unrelated ring buffer memory. The resulting packet is reinjected in the routing queues. Tested on C3550 IOS 12.1(19).
| | Author: | FX | | Homepage: | http://www.phenoelit.de/ | | File Size: | 6085 | | Last Modified: | Sep 7 11:17:39 2006 |
| MD5 Checksum: | f09a97e7d16b1d3caf71b6f332a4a856 |
|
| /// File Name: |
CiscoVTP.txt |
Description:
|
Phenoelit Advisory - Cisco Systems IOS contains bugs when handling the VLAN Trunking Protocol (VTP). Specially crafted packets may cause denial of service conditions, confusion of the network operator and a heap overflow with the possibility for arbitrary code execution.
| | Author: | FX | | Homepage: | http://www.phenoelit.de/ | | File Size: | 6768 | | Last Modified: | Sep 14 08:45:33 2006 |
| MD5 Checksum: | b8a3f27492d23e7b9594e53bc2864839 |
|