Section: .. / 0702-advisories /
| /// File Name: |
MDKSA-2007-049.txt |
Description:
|
Mandriva Security Advisory - A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4773 | | Related CVE(s): | CVE-2007-0451 | | Last Modified: | Feb 27 19:36:48 2007 |
| MD5 Checksum: | f4d8a1a4346dd02fafbba6c3cd88b3f7 |
|
| /// File Name: |
MDKSA-2007-047.txt |
Description:
|
Mandriva Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that will trigger a null dereference. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4757 | | Related CVE(s): | CVE-2006-5701, CVE-2006-5823, CVE-2007-0006 | | Last Modified: | Feb 23 20:41:13 2007 |
| MD5 Checksum: | d7df8353a48d46de10cb6d602dfe77c9 |
|
| /// File Name: |
TA07-044A.txt |
Description:
|
Technical Cyber Security Alert TA07-044A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio, and Step-by-Step Interactive Training. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4752 | | Last Modified: | Feb 14 15:11:31 2007 |
| MD5 Checksum: | 4dcdd89aaeb0f7a4457b50fd535a3b69 |
|
| /// File Name: |
sa24192.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24192/ | | File Size: | 4662 | | Last Modified: | Feb 21 00:41:49 2007 |
| MD5 Checksum: | 891764729a3c87a68049a5e0e16a2f3c |
|
| /// File Name: |
secunia-ie7.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.
| | Author: | Jakob Balle | | Homepage: | http://secunia.com/ | | File Size: | 4652 | | Last Modified: | Feb 23 21:56:39 2007 |
| MD5 Checksum: | cac34bbafb574adea82cc7cf772428a8 |
|
| /// File Name: |
sa24327.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24327/ | | File Size: | 4623 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | dd080ced1cf4b563f345f84c49338320 |
|
| /// File Name: |
firefox-popup.txt |
Description:
|
There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 4615 | | Last Modified: | Feb 6 00:07:25 2007 |
| MD5 Checksum: | 539edaff52bc57444bea4293420707f2 |
|
| /// File Name: |
sa24183.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24183/ | | File Size: | 4593 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | d1483027baa2160f91ed77ca81c736b7 |
|
| /// File Name: |
sa24319.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24319/ | | File Size: | 4575 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 5f14ddb68cea7bbc2c0dd07b4fd92bd3 |
|
| /// File Name: |
02.22.07-3.txt |
Description:
|
iDefense Security Advisory 02.22.07 - Local exploitation of a multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allow attackers to cause a denial of service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions, including those installed on other architectures, are suspected to be vulnerable as well. These vulnerabilities do not appear to affect DB2 Universal Database running on the windows platform.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 4529 | | Last Modified: | Feb 23 21:50:56 2007 |
| MD5 Checksum: | 3c9750c1e4a747af81e04379de4095d8 |
|
| /// File Name: |
02.23.07-1.txt |
Description:
|
iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to execute arbitrary code in the context of the affected application. The vulnerability specifically exists due to a design error in the processing of malformed SSLv2 server messages. By sending a certificate with a public key too small to encrypt the "Master Secret", heap corruption can be triggered which may result in the execution of arbitrary code. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4503 | | Related CVE(s): | CVE-2007-0008 | | Last Modified: | Feb 23 22:01:11 2007 |
| MD5 Checksum: | f7504baa6cc0b0fa891f4666537695f2 |
|
| /// File Name: |
TSRT-07-01.txt |
Description:
|
Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the StCommon.dll library and are reachable remotely through a DCE/RPC endpoint on TCP port 5168 bound to by the service SpntSvc.exe.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 4470 | | Related CVE(s): | CVE-2007-1070 | | Last Modified: | Feb 23 18:54:34 2007 |
| MD5 Checksum: | 408c2a0760febb98645392abc3554f7e |
|
| /// File Name: |
sa24243.txt |
Description:
|
Secunia Security Advisory - TippingPoint Security Research Team has reported some vulnerabilities in Trend Micro ServerProtect, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24243/ | | File Size: | 4428 | | Last Modified: | Feb 22 21:32:16 2007 |
| MD5 Checksum: | c318ac389b04acc72077a75dc57d1db0 |
|
| /// File Name: |
02.23.07-2.txt |
Description:
|
iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which causes an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4420 | | Related CVE(s): | CVE-2007-0009 | | Last Modified: | Feb 23 22:01:56 2007 |
| MD5 Checksum: | 8c91b8eddd1ccac797ef1086095470ef |
|
| /// File Name: |
sa24143.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24143/ | | File Size: | 4418 | | Last Modified: | Feb 13 04:01:47 2007 |
| MD5 Checksum: | a4f1818c7a3d6ebd304c427df133eddb |
|
| /// File Name: |
sa24014.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24014/ | | File Size: | 4402 | | Last Modified: | Feb 4 23:30:20 2007 |
| MD5 Checksum: | 293bae6799fc9cabfcdcc6bc674fdf9d |
|
| /// File Name: |
sa22452.txt |
Description:
|
Secunia Security Advisory - Yag Kohha has reported a vulnerability in Microsoft Data Access Components, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/22452/ | | File Size: | 4291 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 15953ac5e941bc47b3d27b32eed1ed24 |
|
| /// File Name: |
sa24147.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24147/ | | File Size: | 4190 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | aad65efc86a702d4efc320d241b0f58d |
|
| /// File Name: |
sa24172.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in Cisco Firewall Services, which can be exploited by malicious people to cause a DoS or bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24172/ | | File Size: | 4099 | | Last Modified: | Feb 16 01:49:41 2007 |
| MD5 Checksum: | a9769a64d5ec7f0c4d4d3232bad8876d |
|
| /// File Name: |
TSRT-07-02.txt |
Description:
|
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the eng50.dll library.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 4074 | | Related CVE(s): | CVE-2007-1070 | | Last Modified: | Feb 23 18:56:09 2007 |
| MD5 Checksum: | dc02c0f8ffc95794928a507aa5b120a0 |
|
| /// File Name: |
sa24053.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24053/ | | File Size: | 4039 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 0ca0fc242ba5e1b606143f181d7456e1 |
|
| /// File Name: |
sa24100.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for the kernel. This fixes a security issue with unknown impact and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24100/ | | File Size: | 3992 | | Last Modified: | Feb 12 19:06:32 2007 |
| MD5 Checksum: | 873d068fcad4260acd97ccb9e91c577d |
|
| /// File Name: |
glsa-200702-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-07 - A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Versions less than 1.5.0.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3977 | | Related CVE(s): | CVE-2007-0243 | | Last Modified: | Feb 19 20:00:40 2007 |
| MD5 Checksum: | 20842e6d08e51bf34ca2821f89367023 |
|
| /// File Name: |
sa24136.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24136/ | | File Size: | 3948 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | e915295c2b6a3d92b2aee80ba8cecd94 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
